package pers.lt.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * Created by lt on 2016/8/3.
 *
 * <p>Permission filter. A request is allowed when the current subject either holds the
 * super-administrator role or is permitted for a permission string equal to the request's
 * path within the application.
 *
 * <p>NOTE(review): the path is handed to {@code Subject.isPermitted(String)} unmodified, so the
 * realm's permission resolver decides how it is parsed. With Shiro's default
 * {@code WildcardPermission} syntax, ':' and ',' act as part and sub-part separators, a granted
 * permission with fewer parts implies a longer one, and matching is case-insensitive. Confirm
 * which resolver the realm uses and that granted permissions are stored as exact paths.
 *
 * <p>NOTE(review): the decision is taken on Shiro's view of the path. Whether that matches the
 * path the downstream dispatcher routes on (trailing slashes, encoded characters, path
 * parameters) depends on the Shiro version and the web framework in use; verify both sides
 * normalize the same way.
 */
public class CommonAuthFilter extends AuthorizationFilter {

    /** Role whose holders skip the per-path permission check entirely. */
    private static final String SUPER_ADMIN_ROLE = "adminrole";

    /** Creates the filter; nothing is configured here. */
    public CommonAuthFilter() {
    }

    /**
     * Decides whether the current subject may access the requested path.
     *
     * <p>Only the path within the application is considered; the HTTP method and the mapped
     * value are not part of the decision.
     *
     * @param servletRequest  the incoming request, used to derive the path and the subject
     * @param servletResponse the outgoing response, used only to look up the subject
     * @param o               the mapped value supplied by the filter chain; not used here
     * @return {@code true} if the subject has the super-administrator role or is permitted
     *         for the request path, {@code false} otherwise
     * @throws Exception if the path or subject lookup, or the role or permission check, fails
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        final String pathInApp = WebUtils.getPathWithinApplication(WebUtils.toHttp(servletRequest));
        final Subject caller = getSubject(servletRequest, servletResponse);
        // Super administrators are never blocked: the role test runs first and the
        // permission lookup is only reached when it fails.
        return caller.hasRole(SUPER_ADMIN_ROLE) || caller.isPermitted(pathInApp);
    }
}
